Analysis
- max time kernel: 150s
- max time network: 155s
- platform: debian-12_armhf
- resource: debian12-armhf-20240418-en
- resource tags: arch:armhf, image:debian12-armhf-20240418-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
- submitted: 05-07-2024 10:16
Behavioral task
behavioral1
- Sample: 5f7b2ca785644f866c5957e40605b539.elf
- Resource: debian12-armhf-20240418-en
- debian-12-armhf
- 3 signatures
- 150 seconds
General
- Target: 5f7b2ca785644f866c5957e40605b539.elf
- Size: 180KB
- MD5: 5f7b2ca785644f866c5957e40605b539
- SHA1: bdaf4a7f38c212f60318876ea78b2deddd2bd058
- SHA256: a8d90c57b6d277eefd335767a3a257c61c6213f7da03cf397b019b337622e014
- SHA512: 62f448888ebd21da9e0fb0ce1ccc90eac57b9a703d31ed49979d77db72ea07351e11e5ea11dbb01c56af6cb998949a8a0a95f1c1b4d637c673ecd406953d901c
- SSDEEP: 3072:fmcRhj0ma1W9YHk9ah/QqXFggKkY7mo67L/2p0o9M/RT7C7dT6:fmgh21W6E9ah/Qq1gB2ouL/U59M/RT7N
Score
6/10
Malware Config
Signatures
- Enumerates running processes
  Discovers information about currently running processes on the system
- Changes its process name (1 IoC)
  Processes: 5f7b2ca785644f866c5957e40605b539.elf
    description: Changes the process name, possibly in an attempt to hide itself
    ioc: a- M "
    pid: 691
    process: 5f7b2ca785644f866c5957e40605b539.elf
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.